Subject: Re: "racoon" installation
To: None <tech-security@netbsd.org>
From: Bernd Ernesti <netbsd@arresum.inka.de>
List: tech-security
Date: 03/03/2000 09:44:28
by redmail.netbsd.org with SMTP; 3 Mar 2000 09:24:15 -0000
by arresum.inka.de (8.9.3/8.9.3) id JAA03157
for tech-security@netbsd.org; Fri, 3 Mar 2000 09:44:29 +0100 (MET)
From: Bernd Ernesti <netbsd@arresum.inka.de>
Message-Id: <200003030844.JAA03157@arresum.inka.de>
Subject: Re: "racoon" installation
To: tech-security@netbsd.org
Date: Fri, 3 Mar 2000 09:44:28 +0100 (MET)
In-Reply-To: <21139.952053507@lychee.itojun.org> from "Jun-ichiro itojun Hagino" at Mar 03, 2000 12:18:27 PM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
On Fri Mar 3 04:18:27 2000, Jun-ichiro itojun Hagino wrote:
>
> Hello.
>
> KAME racoon (IKE daemon) is trying to improve certificate support.
> Use of RSA is very popular for X.509 certificates. Therefore, with
> plain installation of NetBSD-current with crypto-{us,intl}, racoon
> cannot support certificates. It would be a bit pity situation.
That can be fixed when you use PATENTEDOPENSSLSRC in /etc/mk.conf.
If thats not enough, then we have to provide more support to fix the problem.
> I think of providing racoon as pkgsrc (pkgsrc/security/racoon),
> instead of in base system (remove racoon from base system installation
NO, please don't do that.
Bernd